Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Nginx Improper Input Validation Vulnerability (CVE-2011-4968)

Description

nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM)

Remediation

References

Related Vulnerabilities

WordPress Plugin Email Queue by BestWebSoft Cross-Site Scripting (1.1.1)

Oracle Application Server Permissions, Privileges, and Access Controls Vulnerability (CVE-2001-1371)

Oracle JRE CVE-2012-5088 Vulnerability (CVE-2012-5088)

Internet Information Services Other Vulnerability (CVE-1999-1223)

IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-1524)

Severity

Medium

Classification

CVE-2011-4968 CWE-20 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities